Description

Closed consultation Draft Law on Personal Data Protection including cybersecurity regulation

On 24 November 2024, the Ministry of Public Security closed the public consultation on the Draft Law on Personal Data Protection. The draft law requires organisations to implement suitable technical and organisational measures to safeguard personal data against unauthorised access, disclosure or misuse. This encompasses the establishment of a dedicated data protection officer or department for the purpose of providing oversight, although small and medium-sized enterprises and startups may be temporarily exempt. In the event of a personal data breach, the relevant authorities and data subjects must be informed. The notification must include a detailed account of the nature of the breach, its consequences, and the measures taken to mitigate its impact. It is required that organisations conduct regular risk assessments and audits in order to ensure ongoing compliance with data protection legislation.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2024-09-24
in consultation

On 24 September 2024, the Ministry of Public Security opened a consultation on the Draft Law on Per…

2024-11-24
processing consultation

On 24 November 2024, the Ministry of Public Security closed the public consultation on the Draft La…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.